[c-nsp] Proxy ARP -- To disable, or not to disable..
Pete Templin
petelists at templin.org
Fri Mar 21 15:21:22 EDT 2008
Eric Cables wrote:
> A recent network audit has discovered that Proxy ARP is enabled on pretty
> much every L3 interface in the network. As a Cisco default, this isn't
> surprising, since no template configs have it disabled.
>
> The question is: whether or not I should go back and disable it, or just
> leave it be, since it doesn't appear to be causing any problems.
Pros of leaving it on: devices with incorrect subnet masks and/or
gateways can still function. Those with incorrect subnet masks probably
have a portion of the Internet that's invisible, but are otherwise
functioning.

Pros of turning it off: devices with incorrect subnet masks and/or
gateways will be exposed.

We had other issues with our Adtran TA 600 series IADs by leaving it on,
but I can't remember what they were. We've made it standard practice to
turn off proxy arp anywhere and everywhere.
pt
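
An audit check of the kind the thread describes, as an added example that is not part of the original messages: it scans a Cisco IOS-style running configuration for routed interfaces that lack `no ip proxy-arp`. The sample configuration and the function names are constructed for illustration; skipping loopback and shutdown interfaces, and treating the global `ip arp proxy disable` command as covering every interface, are assumptions of this example.

```python
# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
interface GigabitEthernet0/3
 switchport mode access
!
interface Vlan10
 ip address 203.0.113.1 255.255.255.0
 shutdown
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its stripped sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line[:1] in (" ", "\t") and current is not None:
            current.append(line.strip())   # indented line belongs to the stanza
        else:
            current = None                 # "!" or any global command ends it
    return stanzas

def proxy_arp_findings(config, include_shutdown=False):
    """Return routed interfaces where proxy ARP is left at its default (enabled)."""
    if any(l.strip() == "ip arp proxy disable" for l in config.splitlines()):
        return []                          # global switch: off everywhere
    findings = []
    for name, cmds in parse_interfaces(config).items():
        routed = any(c.startswith("ip address ") for c in cmds)
        if not routed or name.lower().startswith("loopback"):
            continue                       # L2 ports and loopbacks do not answer ARP
        if "shutdown" in cmds and not include_shutdown:
            continue
        if "no ip proxy-arp" not in cmds:  # IOS only prints the non-default form
            findings.append(name)
    return findings
```

Run it over saved configurations before and after a template change to confirm that every routed interface carries the `no ip proxy-arp` line.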